BCBS 239 compliance D-Day – Data Quality Risk Checklist

It’s that time of year again, when Santa Claus, the original Data Quality Risk Manager, makes his list and checks it twice.

Risk Signpost

BCBS 239 requires Data Quality Risk to be included in a bank’s overall Risk Framework 

For the largest 30 banks in the world (known as G-SIBs), teams of experts are making final preparations ahead of the BCBS 239 compliance D-Day, which is 1st Jan 2016.

Based on the BCBS 239 document, I’ve put together a “Data Quality Risk Check-list”, that the bank’s board and senior management should sign off, after checking twice:

  1. We have updated our Risk Management Framework to include the identification, assessment and management of data quality risks
  2. We consider risk data accuracy requirements analogous to accounting materiality
  3. Our data quality risk controls surrounding risk data are as robust as those we apply to accounting data
  4. We reconcile our risk data with our sources, including our accounting data sources where appropriate, to ensure that our risk data is accurate
  5. We’ve established data taxonomies across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts
  6. We have defined our data consistently across our organisation and we hold the concepts we use and our data definitions in a “dictionary”
  7. We’ve established roles and responsibilities as they relate to the ownership and quality of risk data and information
  8. Our business owners ensure that data is correctly entered by the relevant front office unit (at source), kept current and aligned with the data definitions
  9. We measure and monitor the completeness, accuracy, timeliness and integrity of all material risk data and we have appropriate escalation channels and action plans in place to rectify poor data quality

BCBS 239 is a paradigm shift in Data Quality Risk management thinking.

Note: Major banks outside the top 30 in the world (known as the D-SIBs) have a little more breathing space. They will be required to comply with BCBS 239 within  three years of being designated as a D-SIB by their national supervisor. They have the opportunity to learn for the experience of the first wave.